CSC/ECE 517 Fall 2009/wiki2 3 pp: Difference between revisions
Revision as of 05:34, 7 October 2009
Synchronizer Token Pattern - Introduction
Double Submit Problem
Why is this pattern required? Give examples, such as the Add to cart button being pressed twice, which can result in 2 items in the cart. The example should demonstrate how devastating this can be. A financial example: clicking the Pay button twice could charge the credit card twice.
Solutions for Double Submit Problem
Can be server-side or client-side. Server vs. client: which one is better?
Client Side Solution - JavaScript Control Disabling
Briefly describe the approach. Discuss pros and cons.
POST-REDIRECT-GET
Briefly describe the approach. Discuss pros and cons.
Synchronizer Token Pattern
How does the pattern work? Diagrammatic representation? Theoretical view? Relies on the session.
Using POST-REDIRECT-GET avoids accidental double submits of a single request but does not prevent a user from completing the same business process twice. Such a business process is typically composed of multiple pages spanning several requests. The Synchronizer Token pattern adds safety on top of the POST-REDIRECT-GET idiom by preventing a possibly intentional resubmit of a page. The two techniques should typically be combined to deliver a complete solution.
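The following is an added example, not part of the original wiki page or of any framework listed below, showing the token check combined with POST-REDIRECT-GET in plain Ruby. The `CheckoutFlow` class, the `sync_token` field name, and the Hash standing in for the server-side session are assumptions made for illustration.

```ruby
require 'securerandom'

# Hypothetical checkout step guarded by a session-backed synchronizer token.
# `session` is a plain Hash standing in for the framework's server-side session.
class CheckoutFlow
  attr_reader :charges

  def initialize
    @charges = [] # stands in for the real side effect (charging a card)
  end

  # GET /pay: issue a fresh one-time token, keep it in the session,
  # and return it so the view can embed it as a hidden form field.
  def render_form(session)
    session[:sync_token] = SecureRandom.hex(16)
  end

  # POST /pay: the token is removed from the session *before* any work is
  # done, so a replayed or re-clicked submit finds nothing to match.
  # A real deployment must make this delete atomic across concurrent requests.
  def submit(session, params)
    expected  = session.delete(:sync_token)
    submitted = params[:sync_token].to_s
    unless expected && secure_equal?(expected, submitted)
      return { status: 409, body: 'duplicate or stale submission' }
    end
    @charges << params[:amount]
    { status: 303, location: '/receipt' } # POST-REDIRECT-GET
  end

  private

  # Constant-time comparison so the check does not leak token prefixes.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  flow, session = CheckoutFlow.new, {}
  form = { sync_token: flow.render_form(session), amount: 100 }
  p flow.submit(session, form) # first submit is accepted and redirected
  p flow.submit(session, form) # same form resubmitted is rejected
  p flow.charges               # only one charge recorded
end
```

The redirect handles a browser refresh of the result page, while the consumed token handles the Back button and a deliberately resubmitted form.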
Implementations of the pattern provided by various frameworks
Struts
Spring Web Flow
Ruby on Rails
Grails